To keep Friday’s story fun, I covered an incident that involves both gaming and infosec. Attackers have already created a malicious version of the popular Pokemon Go app. If you’re an Android user trying to download Pokemon Go from non-official sources, this story is no joke. Watch below to learn more.
(Episode Runtime: 3:16)
Direct YouTube Link: https://www.youtube.com/watch?v=Kt54wJ3gpsY
EPISODE REFERENCES:
- Research blog post describing the backdoored Pokemon Go app – Proofpoint
- Remote access tool found in Pokemon Go – Android Central
— Corey Nachreiner, CISSP (@SecAdept)
chris says
Why do you keep saying “non-official sources” for Android? Nobody checks what goes into Google Play – you can publish whatever you want.
Corey Nachreiner says
Chris,
That is not exactly right, IMHO, but I do get your point. I do agree that Google Play does get infected apps too, so it is not perfect. However, quite a while back Google instituted something called “Google Bouncer” (more here: https://en.wikipedia.org/wiki/Google_Play_Store#Application_security). This mechanism is supposed to automatically check apps submitted to Google Play for maliciousness. So Google does have an app vetting process that is supposed to try to keep the malware out.
That said, there have been many cases of malicious apps getting past this, and security research on how to evade Bouncer. Nonetheless, I do think you are still much safer with Google Play apps than with some APK downloaded from a third-party forum or something.
BTW, thanks for the comment.
Rob says
Hey Corey,
From what I understood, the influx of users downloading these APKs were trying to get the Beta release from unofficial sources, as well as in certain regions where it was not available. Is this still happening after the public release?
Corey Nachreiner says
Yes. The initial Pokemon Go release wasn’t global. The app is free, so there is no huge reason to pirate it or get it from unofficial sources, other than the fact that it hasn’t been released officially in many regions yet. For instance, I believe it’s still unavailable in Japan and other Asian countries (though it’s due to come out around the end of July). Anyway, it’s people in those regions that are likely looking for the APK file to sideload, and thus the smart attackers are attaching other things to the APK.